happyDomain/happyDeliver
2
0
Fork 0
Code Issues 10 Pull requests 4 Projects Releases Packages Wiki Activity Actions

dkim: expose algorithm, hash list, and key size in DKIM record analysis

Browse source 
Parse k=, h=, a= tags and derive RSA key bit-length from the public key
so consumers can detect weak configurations (SHA-1, short keys).
Scoring now penalises rsa-sha1 (cap 60), RSA <1024 bit (cap 25), and
RSA <2048 bit (cap 75); Ed25519 receives no penalty.

Fixes: #37
This commit is contained in:
nemunaire 2026-05-18 17:15:48 +08:00
commit 1b8627ef86
4 changed files with 321 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

2
pkg/analyzer/dns.go
View file

@ -106,7 +106,7 @@ func (d *DNSAnalyzer) AnalyzeDNS(email *EmailMessage, headersResults *model.Head
// Check DKIM records by parsing DKIM-Signature headers directly
for _, sig := range parseDKIMSignatures(email.Header["Dkim-Signature"]) {
dkimRecord := d.checkDKIMRecord(sig.Domain, sig.Selector)
dkimRecord := d.checkDKIMRecord(sig)
if dkimRecord != nil {
if results.DkimRecords == nil {
results.DkimRecords = new([]model.DKIMRecord)